Course Title: Cybersecurity 1a/1b
State Course Title: Cybersecurity
State Standards: Information Technology
Date of Standards: 2022
1.Incorporate safety procedures in handling, operating, and maintaining tools and machinery; handling materials; utilizing personal protective equipment; maintaining a safe work area; and handling hazardous materials and forces.
1a: Foundations Unit 2: Computers and Operating Systems Lessons 1, 2
Describe and illustrate the components of a computer and how they operate as well as the types of hardware used with desktop computers, laptops, tablets, CPU, motherboard and cabling.
Critical Thinking 5, Lab, Activity
Students will explore the components of a computer through using online research and answering questions related to the provided link.
Fully Met
2.Demonstrate effective workplace and employability skills, including communication, awareness of diversity, positive work ethic, problem-solving, time management, and teamwork.
Cybersecurity 1b: Defense Against Threats Unit 8: Cybersecurity Careers Lesson 1
Identify the employability skills in various types of cybersecurity careers such as working well with a team and being able to collaborate effectively with others, detail oriented, good organization and communication skills, being able to assess the security needs of a company, knowledge about technological tools and concepts, confidentiality and be knowledgeable in mind sports (games and challenges for the mind - virtual battles and understanding the virtual landscape.)
Critical Thinking 1, 2, 3, 5; Lab, Activity, Discussion 1
Students will research local career opportunities in cybersecurity as well as create a personal resume and portfolio for an interview.
Fully Met
3.Explore the range of careers available in the field and investigate their educational requirements, and demonstrate job-seeking skills including resume-writing and interviewing.
4.Advocate and practice safe, legal, responsible, and ethical use of information and technology tools specific to the industry pathway.
5.Participate in a Career and Technical Student Organization (CTSO) to increase knowledge and skills and to enhance leadership and teamwork.
6.Use technology to collaborate with peers and/or experts to create digital artifacts that can be published online for a target audience.
7.Formulate new ideas, solve problems, or create products through the design and engineering process by utilizing testing, prototypes, and user feedback.
Cybersecurity 1b: Defense Against Threats Unit 8: Cybersecurity Careers Lesson 1
List and describe the jobs and educational requirements of various careers in the field of cybersecurity such as CISO (Chief Info Security Officer), Security Architect, Security Director, Security Manager, Security Engineer, and Security Analyst.
Critical Thinking 2, Lab, Activity
Students will investigate local opportunities in field of cybersecurity. Students will create a resume, cover letter and portfolio for use in obtaining a cybersecurity job.
Fully Met
Cybersecurity 1b: Defense Against Threats Unit 2: Laws, Ethics, and Digital Boundaries Lessons 1-3
Define and discuss the terms "ethics' as moral principles that guide behavior and "netiquette" as online acceptable behavior and etiquette in communicating and how both affect actions and behaviors online.
Critical Thinking 1-5, Lab, Activity, Discussion 1, 2
Students will evaluate the "Ten Commandments of Cyber Ethics" and give personal opinions on at least three of these.
Fully Met
Not Met
Not Met
Not Met
Technology Laws, Ethics, and Digital Safety
1.Identify and discuss ethical considerations and consequences resulting from technological advances. Examples: deepfake, facial recognition, big data, privacy concerns
2.Research and discuss federal laws, regulations, and agencies that govern online activities and individual and corporate network use. Examples: Computer Security Act, Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, Computer Fraud and Abuse Act, Payment Card Industry Data Security Standard (PCI DSS); COPPA, HIPAA, FERPA, and CMMC regulations
3.Gather and share information regarding ethical standards which apply to cybersecurity professionals.
4.Describe national and international standards and frameworks related to security operations. Examples: Center for Internet Security (CIS), National Institute of Standards and Technology (NIST) RMF/CSF, International Organization for Standardization (ISO)
5.Identify security policies related to the employees of organizations or businesses and discuss the importance of establishing such policies. Examples: personnel policies, acceptable use, non-disclosure agreements, credential policies
Cybersecurity 1b: Defense Against Threats
Unit 2: Laws, Ethics, and Digital Boundaries
Lessons 1-3
Explain various laws that apply to online security such as privacy and cyberbullying including Aaron's Law, Digital Millennium Copyright Act, Computer Fraud and Abuse Act (CFAA)
Critical Thinking 2, 4, 5, Lab
Students will research websites dealing with cyberbullying and anti-bullying laws. Fully Met
Cybersecurity 1b: Defense Against Threats
Unit 2: Laws, Ethics, and Digital Boundaries Lessons 1-3
Define and discuss the terms "ethics' as moral principles that guide behavior and "netiquette" as online acceptable behavior and etiquette in communicating and how both affect actions and behaviors online.
Critical Thinking 1-5, Lab, Activity, Discussion 1, 2
Students will research websites dealing with cyberbullying and anti-bullying laws. Fully Met
6.Explain and differentiate among identification, authentication, authorization, and accounting for controlling access.
Explain authentication as the confirming of the identity of a user by asking for validation such as a username and password or thumbprint.
Critical
Fully
Met
create a security manual which addresses the access control
Describe and discuss the security controls for administrative access to computers which safeguards against possible threats such as MAC (Mandatory Access Control) which gives the administrator only usage and management of policies concerning security access, and DAC (Discretionary Access Control) which is defined as "a means of restricting access to objects based on the identity of subjects and/or groups to which they belong" which allows passing authorization to another unless forbidden by a MAC and RBAC (Role Based Access Control which regulates access to a network or resources based on the role of a user and their authorization to perform certain tasks. Thinking 2, 3, 5, Lab, Discussion 1, 2 Students create an internet security manual for IT professionals Fully Met
7. Explain the principle of least privilege as it relates to account policy.
Explain authorization gives permission to administrators to decisions about movement and privilege of users, they create folders and files on the root level establishing safety parameters and settings.
Critical Thinking 4, 5, Lab, Discussion 2
Not Met
Students will prepare a document which can be used by an IT professional relating to specific elements that need to be addressed in a small business.
Fully Met
9. Select and implement user account management controls for a given scenario.
10. Implement secure password and account policies in an operating system. Cybersecurity 1a: Foundations Unit 5: Access Control Lesson 1, 3,4
11. Perform basic system audits and analyze log files in a given scenario.
12. Use the command/terminal line to configure security settings.
13. Perform basic system administration tasks in more than one operating system.
Discuss the uses of passwords in accessing an operating system including configuring a router and creating a password as well as using a password for authentication purposes
Critical Thinking 4, Discussion 2
Not Met
Students are asked to analyze and consider various methods of authentication including passwords. Fully Met
Not Met
Not Met
Not Met
Network Foundations
14. Differentiate among types of networking cable mediums and standards to determine which type to use in a given situation. Examples: copper cabling, fiber optic
15. Compare and contrast notational systems, including binary, hexadecimal, decimal, and ASCII.
Cybersecurity 1a: Foundations Unit 4: Network Security Lesson 1
Describe and explain the various types of cabling used in a network such as ordinary copper wire/twisted pair, STP (shielded) which is the twisting of four cables, unshielded (UTP) 4 copper wires enclosed in plastic with varying degrees of strength CAT3, CAT4, CAT5, CAT6, CAT7, coaxial uses a single copper conductor, and fiber optic which uses strands of glass fibers plus copper ones
Critical Thinking 1, Activity, Discussion 1 Students are asked to assess appropriate internal cabling for a new house. Fully Met
Not Met
16. Identify and describe common TCP and UDP ports and services. Examples: DNS, HTTP, SSH, TELNET, TLS, FTP, SMTP, IMAP, POP, DHCP, LDAP, NTP, SNMP, RDP, SCP, RTP
Cybersecurity 1a: Foundations Unit 3: Networking Fundamentals Lesson 3
Describe and explain internet protocol suite which is a collection of rules designed for the internet specifically and other public networks including DHCP which uses a server to assign IP addresses, HTTP is a command that tells the web server to get and supply requested info, TLS uses encryption for security, ICMP lets user know when an error has occurred, ARP maps network addresses to physical hardware, and IMAP, POP3, SMTP which manages transmission and delivers internet mail.
Critical Thinking 1, 2, Activity
Students will trace how various types of data moves through the seven layers of the OSI
Fully Met
17. Classify IP addresses according to IPv4 and IPv6, private and public IP ranges, and special IPs.
Cybersecurity 1a: Foundations Unit 3: Networking Fundamentals Lesson 3
Describe the ARP (Address Resolution Protocol) versions such as IPv4, IPv6, which is used to access the internet using a unique IP address. Lab
Students determine if a public and private IP address is either IPv4 or IPv6 Fully Met
18. Use subnetting to determine the number of hosts and/or subnets on a given network. Not Met
19. Differentiate between the OSI and TCP/IP models, layers, encapsulation, and decapsulation.
Cybersecurity 1a: Foundations
Unit 3: Networking Fundamentals Lessons 1, 3
Describe and explain TCP (Transmission Control Protocol) as how network conversations should be established and maintained and creates the basic rules of the internet and it is used in the Transport Layer of the OSI Model; the OSI Model (Open System Interconnection) divides network communication into 7 distinct layers each layer is created by a combination of applications, OSs, networking hardware, and card device drivers.
Lab, Activity Students will track data through an OSI model Fully Met
20. Use various network tools in computer operating systems environments. Examples: ipconfig, ifconfig Ping, nslookup, tracert, netstat, iptables; Windows, Linux, Apple
Cybersecurity 1a: Foundations Unit 2: Computers and Operating Systems Lesson 3 Discuss and explain various types of operating systems such as Microsoft Windows on PCs, Mac OS created by Apples and open source operating systems such as Linux which is free to download.
Critical Thinking 2, Activity, Discussion 2 Students will set up and run a virtual computer Fully Met
21. Perform an install of an operating system in a virtual environment.
Cybersecurity 1a: Foundations Unit 2: Computers and Operating Systems Lesson 3 Discuss and explain various types of operating systems such as Microsoft Windows on PCs, Mac OS created by Apples and open source operating systems such as Linux which is free to download.
Critical Thinking 2, Activity, Discussion 1 Students will set up and run a virtual computer Fully Met
Security Foundations
22. Apply the parts of the CIA triad (confidentiality, integrity, and availability) to a given security scenario.
Cybersecurity 1a: Foundations Unit 1: Basics of Cybersecurity Lesson 3
Explain the AIC triad designed to guide cybersecurity policies and including confidentiality which is the limiting of access to certain information, integrity ensures that online info is trustworthy and accurate and the info cannot be altered or deleted by unauthorized people, and availability instantly repairs operating systems to keep them running properly and provides for disaster recovery and system upgrades.
Activity
Students will design cybersecurity policies for a bank using the CIA Triad elements
23. Describe various types of physical security controls and explain their importance. Cybersecurity 1a: Foundations Unit 5: Access Control Lesson 2
24. Analyze attributes of various types of malware and other attacks to determine the key characteristics of each type.
Examples: virus, worm, brute force, backdoor, spyware, remote access tool (RAT)
25. Describe various types of social engineering.
Cybersecurity 1b: Defense Against Threats Unit 3: Black Hats Lesson 4
Explain that not all security is in the form of technical options but there are physical security options as well such as physical obstacle protection like fences, locks, motion detectors, and video surveillance tools.
Describe and discuss the types of threats and attacks on computer systems such as Trojan viruses, backdoor, spyware, botnet, rootkit, and spoofing, all designed to steal information from your computer or limiting the use of the computer.
Critical Thinking 1, 5, Lab, Activity, Discussion 1, 2
Students will critically analyze a series of questions concerning hacking after viewing a TED Talk video.
Fully Met
Cybersecurity 1b: Defense Against Threats Unit 4: Cyber Safety Lesson 2
Explain various types of social engineering which are geared toward stealing information such as "shoulder surfing", "dumpster diving", "credential reuse", baiting, pretexting, and smishing.
Critical Thinking 1, 2, 4, Activity
Students will create a pamphlet with information regarding how to recognize social engineering attempts, and where to report such incidences.
Fully Met
26. Describe various types of application attacks and threats.
Examples: cross-site scripting, SQL injection, buffer overflow
Cybersecurity 1b: Defense Against Threats Unit 3: Black Hats Lesson 4
Explain application attacks as hackers gaining access to unauthorized areas such as with botnet which compromises an entire network of computers and is under the control of a malicious actor, and rootkit which is a program designed to provide privileged access to a computer and has complete and remote control to execute files; spoofing where a malicious party impersonates another drive or user; and spyware is software designed to quietly monitor what you do online without your knowledge
Critical Thinking 1-3, 5, Lab, Activity, Discussion 1, 2
Students will learn how to navigate and recognize a "spoof" to a MAC address
Fully Met
27. Analyze types of network attacks. Examples: man in the middle, layer 2 attacks, denial of service, DNS poisoning
Cybersecurity 1a: Foundations Unit 6: Mobile Devices and Cloud Computing Lesson 3
Define and explain such threats to wireless networks as 'denial of Service which is an attack that overwhelms a network resource, with fake visitors and crowds thus denying service to user, man-inthe-middle is an attack that involves eavesdropping and/or manipulation where the hacker listens.
Critical Thinking 1, 4, 5
Students will engage in critical thinking skills answering multiple questions concerning the protection of operating systems and mobile devices.
Fully Met
a. Identify and analyze wireless network threats. Examples: evil twin, bluesnarfing, jamming, disassociation
8. Describe different types of threat actors and threat vectors. Examples: APT’s; black hat, white hat, and gray hat hackers; supply chain; social media
Cybersecurity 1b: Defense Against Threats Unit 1: Cybersecurity Threats Lesson 2
Identify types of threats such as APT (Advanced Persistent Threat) which is considered the most problematic since it is organized by a group in order to target a specific organization; white hats are those that help security companies; black hats are those looking to gain illegal access to a system and steal information, gray hats are hackers who gain access without malicious intent but will use the info gathered with permission.
Not Met
Critical Thinking 1-4, Lab, Activity, Discussion 2 Students will analyze various types of threats by preparing a slide presentation
Fully Met
29. Predict security concerns and possible vulnerabilities associated with system hardening. Examples: weak configurations, open ports and services, third-party risks
30. Describe the techniques used in security assessments. Examples: threat hunting, vulnerability scans, security information and event management (SIEM)
31. Explain basic cryptographic concepts. Examples: historic ciphers, symmetric, asymmetric, hashing, quantum computing uses
32. Describe the purpose and scope of a cybersecurity disaster recovery plan for a given simulated or actual work environment.
Cybersecurity 1a: Foundations Unit 7: Protecting Data Lesson 2
Discuss the techniques used for hardening which are the approaches used as security layer for a computer such as keeping software updated, installing a firewall, use encryption, install virus and malware protection and uninstall unused applications. Lab, Discussion 2
Students will analyze a file and propose ways to use the tools learned to improve cybersecurity including managing security patches.
Fully Met
Not Met
Cybersecurity 1a: Foundations Unit 7: Protecting Data Lesson 3
Define and explain encryption as the process of encoding messages or data in a way that only authorized people can access including Cryptography which uses math principles and formulas to create a cipher of algorithm for performing encryption
Cybersecurity 1b: Defense Against Threats Unit 7: Protecting Data Lesson 1 Explain the importance in having a IRP (incident response plan) including clear, concise and detail instructions in the event of a security breach or attack.
Lab, Activity
Students will be able to research how drive encryption is performed for Linux, Winddowns and Mac OS X and answer a series of critical thinking questions associated with the resources supplies
Fully Met
Critical Thinking 2, Discussion 1, 2
Students discuss incident response plans both on a personal level and computer evaluating 5 indications that the computer is infected with malware.
Fully Met